The writing on the wall for IoT device manufacturers is to get serious about security and develop fruitful channel partnerships with network technology providers. The consensus among enterprise professionals is that IoT security has emerged as a front-of-mind topic. Indeed, a year’s worth of IoT hacks and botnet headlines have underscored both the slow adoption of security-focused manufacturing and the obvious need for it.
At last, there is undoubtedly a rising impetus. IoT device manufacturers are realizing that future success in the industry won’t just be about providing desired device functionality and competitive price points. Market pressure and likely regulatory action will drive device security to become a required capability, and the businesses creating the devices will want to be ahead of the transition.
We now see how dangerous a threat unsecured IoT devices represent to manufacturers, ISPs and network technology solution providers. Unsecured smart devices that are exploited can wreak havoc on users’ lives, and certainly damage the brand reputations of those manufacturers. From a macro vantage point, attackers are targeting unsecured IoT devices with malware designed to seek out and infect all the vulnerable devices they find, which are then exploited en masse to create IoT botnets and perform distributed denial of service (DDoS) attacks.
Invisible to the owner, hackers command thousands of compromised devices to direct their collected bandwidth at an online target, overwhelming systems and effectively interrupting the functionality of either websites or critical internet infrastructure. One highly visible example that speaks to the danger of these attacks is the Mirai botnet, which succeeded in taking DNS provider Dyn offline along with 1,200 popular websites including Amazon and Twitter. A subsequent attack by the IoT botnet interrupted internet service throughout the country of Liberia. And, even more recently, the Reaper IoT botnet has been identified and found to have infected a million networks, according to an early estimate. In any case, Reaper presents the latest escalation in the threats that unsecured devices pose to users, websites and the integrity of the internet itself. Brand damage, lost revenue, missed consumer engagement, engineering hours lost to emergency response are but a few of the real consequences inherent in an unsecured IoT landscape.
The increased seriousness and public awareness of these threats will rightly result in the marketplace rejecting devices that remain ripe for exploit. Just as media reports about data breaches have devastating reputational effects on the brands responsible, IoT device manufacturers need to address their security challenges – and they know it. However, the burden of implementing IoT device security needed shouldn’t be borne by IoT device manufacturers internally, or even by their devices alone. In reality, the vast majority of IoT devices on the market don’t possess the resources (or aren’t constructed with built-in mechanisms) to defend themselves properly. Without a CPU or internal memory, it isn’t possible to rely on security agent software, or for devices to have a sophisticated awareness of the purposes for which they are being used. And, expecting connected device owners to hold the responsibility for securing products in their network environments will never be viable.
The most effective way forward is for IoT device manufacturers to develop partnerships with providers of networking technology – such as hub, router, firewall or unified threat management businesses – which include integrated capabilities for securing IoT devices. That’s the clearest path to wholesale IoT device monitoring, profiling, and the ability to detect anomalous device behavior.
Such partnerships can be powerful because network equipment is an ideal watchtower for IoT security measures to be located atop, allowing them to identify and protect devices as they connect to the network. From this position at the center of network traffic, security technology can analyze the unique communications from each device on the network, recognizing the exact nature of the device in order to tell acceptable behavior from the activities of a compromised device. Using these capabilities, network equipment can then ensure that IoT devices are secure – and immediately neutralize their activities if they are not.
In an IoT industry where effective security will soon hold great sway on the product differentiation landscape, manufacturers must partner with network equipment providers that can safeguard their devices and make sure they function as intended.